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In the specification: 

Change the paragraph beginning at page 9, line 23, to read 
as follows: 

--Referring now to Figo . — 3A Fig. 1A , the different data items 
used as part of the invention are shown as including two data 
stores: a knowledge base 11 of generic risk records (risk records 
not associated with any particular profile or context) organized 
by category, and a contexts data store 12, each context serving 
as a folder (sub-data-store) of a set of logically related 
profiles, each profile in turn serving as a folder of a set of 
(non-generic) risk records. Fig. 1A shows that a risk record 
(actually a collection of table entries in the preferred 
embodiment of a relational database implementation, as described 
below in connection with Fig. ID), includes four main components: 
a risk component, a cause component, one or more consequence 
components, and one or more control components, each of which is 
either a preventive control or a corrective control. -- 

Change the paragraph beginning at page 10, line 7, to read 
as follows: 

--Referring now to Fig. IB, the knowledge base 11 and the 
context data store 12 are shown in a tree structure 
representation. A plus sign placed to the left of a block is 
used to indicate that the block includes contents that are not 
shown in the view, i.e. in the terminology used in a graphical 
user interface tree structure representation of the content of a 
disk drive, such as provided by the WINDOWS EXPLORER Windowo 
Explorer file manager application available as part of the 
WINDOWS Windowo operating systems provided by Microsoft 
Corporation, the block is not fully expanded. A minus sign to 
the left of a block indicates that a block is fully expanded, 
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i.e. that its full content to the next level in the tree 
structure is shown. Thus, referring in particular to Fig. IB, a 
context folder is shown containing two profiles, one of which is 
expanded to show that it contains two risks. One of the risks is 
in turn expanded to show that it contains two preventive 
controls, two consequences, and one cause. Finally, one of the 
consequences is expanded to show that it contains two corrective 
controls . - - 

Change the paragraph beginning at page 25, line 3, to read 
as follows: 

--In creating the action plan, the user will typically 
configure a view of some or all the controls of a profile. In 
the preferred embodiment of the invention, as indicated in Fig. 
4, with a list of all the controls of the profile, a user is able 
to assign a value to fitness for more than one control at a time 
by highlighting (selecting) each control that is to be assigned 
the same value for fitness (such as for example the value 
rcdundant key , which is the value shown selected in Fig, 4 ) and 
then clicking on a tab indicating fitness so that a drop-down 
list appears, from which the particular value to be assigned to 
all of the selected controls is picked and ends up being attached 
to each selected control. 

Change the paragraph beginning at page 25, line 14, to read 
as follows: 

--Referring now to Fig. 5, a scenario is indicated in which 
a user updates the quantitative or subjective fields in the risk 
records of a profile based on values stored in the knowledge 
base. In this scenario, after updating the fields, the user 
reviews the values provided by the knowledge base and decides 
whether to override any of the values . The values provided by 
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the knowledge base include values for each of the measuring 
fields: the inherent likelihood of a risk, the inherent cost of 
the consequence, and the effectiveness of a control. In a next 
step according to this scenario, the user reviews all risks 
ranked in order of residual rating. The user reviews the values 
for the measuring fields associated with each risk and then, in a 
next step in which the user adjusts controls so as to fix the 
maximum and total risk to acceptable values (in terms of residual 
ratings) , the user accepts or overrides the values based on 
either actual experience of the user in connection with the 
profile, or based on other information or even simply based on an 
educated guess. The user then proceeds as in the previous 
scenario to create an action plan beginning with the step of 
reviewing all risks ranked in order of residual risk.-- 

Change the paragraph beginning at page 29, line 1, to read 
as follows: 

--As explained above, in the preferred embodiment, the 
invention provides a graphical user interface in which 
information is presented to a user in one or more windows, such 
as the so called windows of the product WINDOWS EXPLORER Windowp 
Explorer provided by Microsoft Corporation as part of operating 
system MICROSOFT WINDOWS Microoof t Windows . The present 
invention, however, in the preferred embodiment, extends the use 
of windows compared to the use made by WINDOWS EXPLORER Windowp 
Explorer . While WINDOWS EXPLORER Windows Explorer provides lists 
of data in columns in a window to the right of a selected item in 
a left hand window, the present invention allows a user to select 
multiple items in a left hand window and show the corresponding 
data for all of the selected items in the right hand window. For 
example, if the user selects several different profiles in a left 
hand window, the right hand window will show the values of the 
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fields for each. risk record in the selected profile as well as 
indicating the profile containing the risk records. In addition, 
the user is then able to interact directly with the values of the 
fields of the different risk records that are displayed in the 
right hand window, including editing the values of any such 
fields. Further, the invention allows a user to have the system 
display in the right hand window more than one list, each list 
possibly providing the data in more than one selected item 
(profile) in the left hand windows- 
Change the paragraph beginning at page 29, line 25, to read 
as follows: 

--As mentioned above, the invention offers a mixture of use 
sophistication, or in other words, different modes of use (as 
opposed to modes of analysis, described above, including for 
example the controls self -assessment mode of analysis) . 
Referring now to Figs. 9A-9C, three increasingly sophisticated 
ways of using the invention are illustrated. Referring now in 
particular to Fig. 9A, the most straightforward use of the 
invention, i.e. the first stage of sophistication, is shown as a 
use in which four fields are manually assessed (i.e. values are 
provided for the fields by the user) : the inherent likelihood and 
the inherent risk impact cost fields (from which the inherent 
risk rating is calculated by the invention) , and the residual 
likelihood and the residual risk impact cost fields (from which 
the residual risk rating is calculated by the invention) . (An 
"M" inside a data-item block indicates that the item is manually 
assessed, i.e. the field corresponding to the data is being 
treated as a measuring field instead of a calculated field. A 
W C" inside such a block indicates that the data item is 
calculated by the invention. The "R" in the diagram indicates 
risk, the "Q" represents consequence, and the a subscripted "C" 
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represents a control, subscripted with a "Q" to indicate either a 
preventive control, and so associated directly with the risk, or 
subscripted with a "R" to indicate a corrective control, and so 
associated directly with the consequence.) In this most 
straightforward use of the invention, there is no assessment of 
controls, or in other words, the effectiveness of each control is 
not entered expressly, but the effect of one or more controls is 
implicitly taken into account by the user entering the residual 
likelihood and residual consequence. Correspondingly, whether 
the user provides consequences at the consequence level is 
optional . - - 

Change the paragraph beginning at page 31, line 25, to read 
as follows: 

-- Referring now to Fig.9C, i -£n stage three, the user makes 
an assessment (manual input) of the effectiveness of the controls 
at both the preventive control level and the corrective control 
level, and the invention then calculates at the risk level the 
corresponding residual likelihood and residual risk impact cost 
(the invention finally calculating the residual risk rating based 
on the residual likelihood and residual risk impact cost values) . 
The calculations for both the residual likelihood and residual 
risk impact cost are aggregate calculations, i.e. they account 
for the effect of all preventive and corrective controls for the 
risk. The invention also then calculates the mean control values 
as the difference between the inherent levels and residual levels 
at the risk level, i.e. based on the aggregate calculations. 
(The mean control values are therefore for information only; they 
are not used to determine the residual risk rating. )-- 
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